HP 8730w Trusted Execution Technology and Tboot Implementation
HP 8730w - EliteBook Mobile Workstation Manual
Trusted Execution Technology and
Tboot Implementation
2008 Mobile Platforms
Table of Contents:
Introduction ............................................ 1
System Requirements ..................................... 2
BIOS TXT Settings ....................................... 2
Fedora Installation ..................................... 2
XEN 3.3.0 Installation .................................. 3
TBOOT Installation ...................................... 4
TPM TOOLS 1.3.1 Installation ............................ 5
LCP: Define Platform Owner Policy ....................... 5
Appendix A .............................................. 7
Appendix B .............................................. 19
For more information .................................... 20
Introduction
HP has implemented the Trusted eXecution Technology (TXT), part of Intel’s Safer Computing Initiative,
on certain models of 2008 commercial notebooks. The purpose of this document is to provide a
step-by-step guideline for setting up a TXT-enabled environment.
The document will cover the following areas:
• BIOS settings related to TXT,
• Intel’s Trusted Execution Technology,
• Trusted Boot and
• Launch Control Policies
Trusted eXecution Technology (TXT) is a hardware-based mechanism that helps protect against
software-based attacks and protects the confidentiality and integrity of data stored or created on the
client PC by means of measured launch and protected execution. In other words, TXT provides only
launch-time protection, i.e. it ensures that the code we load is really what we intended to load:
secure and not compromised by any virus attack. ( ).
The technology mainly depends on a set of hardware extensions to Intel processors and chipsets that
equip the platform with security capabilities. The Trusted Platform Module (TPM) is another important
hardware component. The TPM is used to store and compare hash values (of the launched environment),
which provides much greater security than storing them in software or on the hard disk
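As an added illustration (not part of the HP document), the following Python models how the TPM "stores and compares" the hashes of a launched environment: each module is measured and folded into a Platform Configuration Register with the extend operation, and the final register value is compared against an expected value. It assumes SHA-1 as the hash algorithm and PCR 17 starting as all zeros after GETSEC[SENTER]; the module contents and expected value are constructed samples.

```python
# Added example, not code from the HP document or from tboot.
# Models TPM 1.2 PCR extend semantics used by a measured launch:
#     PCR_new = SHA1(PCR_old || SHA1(module))
# The register can only be extended, never set, so the final value
# depends on every measured module and on the order they were launched.
import hashlib
import hmac

PCR_SIZE = 20                      # SHA-1 digest length (assumed hash_alg: SHA-1)
PCR17_AFTER_SENTER = b"\x00" * PCR_SIZE  # assumption: dynamic PCR reset to zeros by SENTER


def measure(module: bytes) -> bytes:
    """Hash a module's bytes; this is the measurement recorded for it."""
    return hashlib.sha1(module).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM_Extend: fold a new measurement into the existing PCR value."""
    if len(pcr) != PCR_SIZE or len(measurement) != PCR_SIZE:
        raise ValueError("PCR and measurement must be SHA-1 sized")
    return hashlib.sha1(pcr + measurement).digest()


def measured_launch(modules: list[bytes]) -> bytes:
    """Replay a launch sequence and return the resulting PCR 17 value."""
    pcr = PCR17_AFTER_SENTER
    for module in modules:          # e.g. hypervisor, then dom0 kernel
        pcr = extend(pcr, measure(module))
    return pcr


def launch_matches_policy(expected_pcr: bytes, modules: list[bytes]) -> bool:
    """Compare the replayed PCR against the stored expected value.

    Any modified, missing, added or reordered module changes the PCR,
    so the comparison fails and the launch is not the intended one.
    """
    return hmac.compare_digest(measured_launch(modules), expected_pcr)


# Constructed sample modules standing in for the real boot images.
HYPERVISOR = b"xen-3.3.0 image (constructed sample)"
DOM0_KERNEL = b"dom0 kernel image (constructed sample)"
# Expected value a platform owner would record after a known-good launch.
EXPECTED_PCR17 = measured_launch([HYPERVISOR, DOM0_KERNEL])

if __name__ == "__main__":
    print("good launch :", launch_matches_policy(EXPECTED_PCR17, [HYPERVISOR, DOM0_KERNEL]))
    print("patched dom0:", launch_matches_policy(EXPECTED_PCR17, [HYPERVISOR, DOM0_KERNEL + b"\x90"]))
    print("reordered   :", launch_matches_policy(EXPECTED_PCR17, [DOM0_KERNEL, HYPERVISOR]))
```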